In reference to the recent political events, the ongoing farmers protest in India is reportedly utilizing a ransomware tactic to increase forces demanding justice.

The Indian farmer’s protest is an ongoing national phenomenon that was launched in August 2020. The farmer’s protest is in direct opposition to the newly embedded Farm Bills in September 2020 that was passed by the Lok Sabha and Rajya Sabha parliaments. 

Farmer unions and subsequent representatives have demanded that the farm laws be abolished and have declared that no compromise will be accepted.

International debate of the farmers protest:

The farmers protest in India recently sparked international debate and resulted in the political debacle gaining multiple and rather controversial facets from various individual and political parties. 

The ransomware:

Detailing the ransomware tactic, Quick Heal which is an Indian cybersecurity establishment have allegedly spotted proof that a cyber attack drive by a group allegedly by the name the ‘Khalsa Cyber Fauj’.  

Utilizing this ransomware tactic, the farmer’s protest supporters are seemingly circulating a ransomware file that encrypts a system when downloaded with the infection.

Unconventional demands supporting farmers protest:

However, according to security experts, the ransomware does not demand the conventional ransom as is the general case.

On the contrary, once the ransomware gets deployed and encrypts the victim device, it states that the encryption will not be repealed until the farmer’s protest demands are not fulfilled. 

According to investigation reports, the ransomware attack is deployed via Microsoft Office documents cloaking the malware code in the doc files. Once the documents d download into a system by the victim user,  it then enables the macro element to execute a command, which downloads the actual malware file from a remote server. The ransomware is seemingly named Sarbloh, after the file extension that it carries.

Hazy details to link with farmers protest:

The Sarlobh ransomware is reported to be non-decryptable ransomware as it is implemented via a dynamically generated AES encryption key as well as contains a master RSA Public key that is retained in the malware document itself.

Details regarding the methods of spreading the ransomware are yet to come up. typical ransomware deployments are carried via phishing emails or through other channels. Whether the ransomware even has any weaknesses is yet to be determined, says Quick Heal.

It is also unclear if the Khalsa Cyber Fauj is really sided with the farmer’s protests, or are crooks who abusing the current socio-political stand-off with malicious political grounds of their own. No official statements have so far been issued by farmer representatives regarding the ransomware.